🏥 Diabetes&Me
Your diabetes-friendly lifestyle companion
Privacy Policy
Effective Date: 06/23/2025
Last Updated: 06/23/2025
Introduction
Diabetes&Me ("we," "our," or "us") is committed to protecting your privacy and ensuring the security of your personal and health information. This Privacy Policy explains how we collect, use, store, and protect your information when you use our mobile application ("App").
Important: This App is designed to help you manage diabetes-related information but is not a substitute for professional medical advice, diagnosis, or treatment. Always consult with qualified healthcare providers regarding your medical condition.
Information We Collect
Personal Information
- Account Information: Email address, name, and profile picture
- Profile Data: Bio, dietary preferences, and health goals
Health and Medical Information
- Blood Sugar Readings: Values, timestamps, context (fasting, before/after meals), and optional notes
- Nutrition Tracking: Daily carbohydrate and sugar intake, and exercise
- Health Goals: Personal targets for carbs, sugar, and exercise
- Recipe Interactions: Favorited recipes and nutrition logging from meals
Usage Information
- App Analytics: Basic usage patterns, feature interactions, and crash reports
- Recipe Data: Search queries, viewing history, and ingredient interactions
Technical Information
- Device Information: Device type, operating system version, app version
- Log Data: Error logs, performance metrics, and debugging information
How We Use Your Information
Primary Uses
- Health Management: Store and display your blood sugar readings, nutrition tracking, and health goals
- Personalization: Provide personalized recipe recommendations based on your dietary preferences
- App Functionality: Enable core features like grocery lists, recipe favoriting, and progress tracking
Secondary Uses
- Improvement: Analyze usage patterns to enhance app features and user experience
- Support: Provide customer support and troubleshoot technical issues
- Communications: Send important app updates, security notifications, and service announcements
Data Storage and Security
Storage Infrastructure
- Primary Storage: Your data is securely stored using Supabase, a SOC 2 Type 2 compliant database service
- Data Encryption: All data is encrypted in transit (TLS 1.2+) and at rest (AES-256)
- Geographic Location: Data is stored in secure data centers located in the United States
Security Measures
- Authentication: Secure user authentication with email verification
- Access Controls: Role-based access controls and principle of least privilege
- Regular Security Audits: Ongoing security assessments and vulnerability testing
- Incident Response: Established procedures for detecting and responding to security incidents
Third-Party Services
Supabase (Database & Authentication)
- Purpose: Secure data storage, user authentication, and real-time synchronization
- Data Shared: All user account and health data
- Privacy Policy: https://supabase.com/privacy
OpenAI
- Purpose: Ingredient insights and recipe suggestions
- Data Shared: Ingredient names and recipe context (no personal health data)
- Privacy Policy: https://openai.com/privacy/
Open Food Facts (Barcode Scanning)
Data Sharing and Disclosure
We DO NOT Share Your Health Data
We never sell, rent, or trade your personal or health information. Your blood sugar readings, health goals, and nutrition data remain private.
Limited Disclosure Scenarios
We may disclose your information only in these specific circumstances:
- Legal Requirements: When required by law, court order, or government regulation
- Safety Concerns: To prevent harm to you or others in emergency situations
- Service Providers: To trusted third-party services that help operate our app (all bound by strict confidentiality agreements)
- Business Transfers: In the event of a merger, acquisition, or sale (with user notification and choice)
Your Rights and Choices
Data Access and Control
- View Your Data: Access all your stored information through the app's profile section
- Update Information: Modify your profile, health goals, and preferences at any time
- Export Data: Request a copy of your data in a machine-readable format
- Delete Account: Permanently delete your account through the delete account button
Data Retention
- Active Accounts: Data is retained while your account is active
- Account Deletion: All data is permanently deleted within 30 days of account deletion request
- Legal Holds: Data may be retained longer if required by law or ongoing legal proceedings
Children's Privacy
Diabetes&Me is not intended for children under 13 years of age. We do not knowingly collect personal information from children under 13. If you believe we have inadvertently collected such information, please contact us immediately, and we will delete it promptly.
Medical Disclaimer
Important Health Information:
- This app is for informational and educational purposes only
- It is not intended to provide medical advice, diagnosis, or treatment
- Always consult with qualified healthcare professionals before making medical decisions
- Do not use this app for emergency medical situations
- Blood sugar readings and nutrition data should be verified with medical-grade devices
- Individual responses to foods and treatments vary significantly
Changes to This Privacy Policy
We may update this Privacy Policy periodically to reflect changes in our practices or legal requirements. We will:
- Notify you of material changes through the app or email
- Post the updated policy with a new "Last Updated" date
- Provide at least 30 days' notice for significant changes affecting your rights
Regulatory Compliance
This Privacy Policy is designed to comply with applicable privacy laws, including:
- California Consumer Privacy Act (CCPA)
- General Data Protection Regulation (GDPR)
- Health Insurance Portability and Accountability Act (HIPAA) principles
- Children's Online Privacy Protection Act (COPPA)
Document Version: 1.0
Policy ID: DM-PP-2024-001
This Privacy Policy was last reviewed and approved on 06/23/2025 and is effective immediately for all users.